From: Tom Hughes <tom@compton.nu>
Date: Sun, 11 Feb 2018 19:50:25 +0000 (+0000)
Subject: Remove ssl_enabled option for wordpress sites
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/f1be9b31bb948deaf5b68e3a918fb4e24bb39895

Remove ssl_enabled option for wordpress sites
---

diff --git a/cookbooks/blog/recipes/default.rb b/cookbooks/blog/recipes/default.rb
index f8ec4f05a..2d234cb48 100644
--- a/cookbooks/blog/recipes/default.rb
+++ b/cookbooks/blog/recipes/default.rb
@@ -31,7 +31,6 @@ wordpress_site "blog.openstreetmap.org" do
   aliases ["blog.osm.org", "blog.openstreetmap.com",
            "blog.openstreetmap.net", "blog.openstreetmaps.org",
            "blog.osmfoundation.org"]
-  ssl_enabled true
   directory "/srv/blog.openstreetmap.org/wp"
   database_name "osm-blog"
   database_user "osm-blog-user"
diff --git a/cookbooks/civicrm/recipes/default.rb b/cookbooks/civicrm/recipes/default.rb
index 5e9077652..66ba6bde2 100644
--- a/cookbooks/civicrm/recipes/default.rb
+++ b/cookbooks/civicrm/recipes/default.rb
@@ -37,7 +37,6 @@ end
 
 wordpress_site "join.osmfoundation.org" do
   aliases "crm.osmfoundation.org"
-  ssl_enabled true
   database_name "civicrm"
   database_user "civicrm"
   database_password database_password
diff --git a/cookbooks/stateofthemap/recipes/default.rb b/cookbooks/stateofthemap/recipes/default.rb
index 59d8eb18e..290ddf2c7 100644
--- a/cookbooks/stateofthemap/recipes/default.rb
+++ b/cookbooks/stateofthemap/recipes/default.rb
@@ -50,7 +50,6 @@ end
 wordpress_site "2007.stateofthemap.org" do
   aliases "2007.stateofthemap.com"
   directory "/srv/2007.stateofthemap.org/wp"
-  ssl_enabled true
   database_name "sotm2007"
   database_user "sotm2007"
   database_password passwords["sotm2007"]
@@ -78,7 +77,6 @@ end
 wordpress_site "2008.stateofthemap.org" do
   aliases "2008.stateofthemap.com"
   directory "/srv/2008.stateofthemap.org/wp"
-  ssl_enabled true
   database_name "sotm2008"
   database_user "sotm2008"
   database_password passwords["sotm2008"]
@@ -114,7 +112,6 @@ end
 wordpress_site "2009.stateofthemap.org" do
   aliases "2009.stateofthemap.com"
   directory "/srv/2009.stateofthemap.org/wp"
-  ssl_enabled true
   database_name "sotm2009"
   database_user "sotm2009"
   database_password passwords["sotm2009"]
@@ -152,7 +149,6 @@ end
 wordpress_site "2010.stateofthemap.org" do
   aliases "2010.stateofthemap.com"
   directory "/srv/2010.stateofthemap.org/wp"
-  ssl_enabled true
   database_name "sotm2010"
   database_user "sotm2010"
   database_password passwords["sotm2010"]
@@ -194,7 +190,6 @@ end
 wordpress_site "2011.stateofthemap.org" do
   aliases "2011.stateofthemap.com"
   directory "/srv/2011.stateofthemap.org/wp"
-  ssl_enabled true
   database_name "sotm2011"
   database_user "sotm2011"
   database_password passwords["sotm2011"]
@@ -236,7 +231,6 @@ end
 wordpress_site "2012.stateofthemap.org" do
   aliases "2012.stateofthemap.com"
   directory "/srv/2012.stateofthemap.org/wp"
-  ssl_enabled true
   database_name "sotm2012"
   database_user "sotm2012"
   database_password passwords["sotm2012"]
diff --git a/cookbooks/switch2osm/recipes/default.rb b/cookbooks/switch2osm/recipes/default.rb
index 1a6667021..48ef029f6 100644
--- a/cookbooks/switch2osm/recipes/default.rb
+++ b/cookbooks/switch2osm/recipes/default.rb
@@ -24,7 +24,6 @@ passwords = data_bag_item("switch2osm", "passwords")
 wordpress_site "switch2osm.org" do
   aliases ["www.switch2osm.org", "switch2osm.com", "www.switch2osm.com"]
   directory "/srv/switch2osm.org"
-  ssl_enabled true
   database_name "switch2osm-blog"
   database_user "switch2osm-user"
   database_password passwords["switch2osm-user"]
diff --git a/cookbooks/wordpress/resources/site.rb b/cookbooks/wordpress/resources/site.rb
index ee934318f..5e27717b1 100644
--- a/cookbooks/wordpress/resources/site.rb
+++ b/cookbooks/wordpress/resources/site.rb
@@ -29,7 +29,6 @@ property :database_name, :kind_of => String, :required => true
 property :database_user, :kind_of => String, :required => true
 property :database_password, :kind_of => String, :required => true
 property :database_prefix, :kind_of => String, :default => "wp_"
-property :ssl_enabled, :kind_of => [TrueClass, FalseClass], :default => false
 property :urls, :kind_of => Hash, :default => {}
 property :reload_apache, :kind_of => [TrueClass, FalseClass], :default => true
 
@@ -92,10 +91,8 @@ action :create do
       line += " * Don't allow file editing.\n"
       line += " */\n"
       line += "define('DISALLOW_FILE_EDIT', true);\n"
-      if new_resource.ssl_enabled
-        line += "define('FORCE_SSL_LOGIN', true);\n"
-        line += "define('FORCE_SSL_ADMIN', true);\n"
-      end
+      line += "define('FORCE_SSL_LOGIN', true);\n"
+      line += "define('FORCE_SSL_ADMIN', true);\n"
     end
 
     line
@@ -132,7 +129,6 @@ action :create do
 
   ssl_certificate new_resource.site do
     domains [new_resource.site] + Array(new_resource.aliases)
-    only_if { new_resource.ssl_enabled }
   end
 
   apache_site new_resource.site do
@@ -140,14 +136,13 @@ action :create do
     template "apache.erb"
     directory site_directory
     variables :aliases => Array(new_resource.aliases),
-              :urls => new_resource.urls,
-              :ssl_enabled => new_resource.ssl_enabled
+              :urls => new_resource.urls
     reload_apache false
   end
 
-  http_request "http://#{new_resource.site}/wp-admin/upgrade.php" do
+  http_request "https://#{new_resource.site}/wp-admin/upgrade.php" do
     action :nothing
-    url "http://#{new_resource.site}/wp-admin/upgrade.php?step=1"
+    url "https://#{new_resource.site}/wp-admin/upgrade.php?step=1"
     subscribes :get, "subversion[#{site_directory}]"
   end
 
diff --git a/cookbooks/wordpress/templates/default/apache.erb b/cookbooks/wordpress/templates/default/apache.erb
index 59b63f753..34c25059d 100644
--- a/cookbooks/wordpress/templates/default/apache.erb
+++ b/cookbooks/wordpress/templates/default/apache.erb
@@ -11,7 +11,6 @@
   CustomLog /var/log/apache2/<%= @name %>-access.log combined
   ErrorLog /var/log/apache2/<%= @name %>-error.log
 
-<% if @ssl_enabled -%>
   RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
   RedirectPermanent / https://<%= @name %>/
 </VirtualHost>
@@ -20,7 +19,6 @@
   ServerName <%= @name %>
 <% @aliases.each do |alias_name| -%>
   ServerAlias <%= alias_name %>
-<% end -%>
 
   ServerAdmin webmaster@openstreetmap.org